Rhebo Industrial Protector
ICS Monitoring - Continous ICS CyberSecurity
Rhebo Industrial Protector Industrial Control Systems (ICS) are the nervous system of highly efficient manufacturing in Industry 4.0. They are also characterized by increasing complexity and links to networks outside the industrial environment (i.e. internet). The key to efficient and secure manufacturing is effective management of the ICS and the maintenance of high network quality. Only those who ensure digital transparency can protect their production against technical malfunctions, network failures, and advanced cyber threats. Rhebo Industrial Protector supports you in effectively controlling, optimizing and protecting complex ICS according to industry standards such as IEC 62443 and ISO 27001.
The connection to Internet services, remote access points and the lack of security by design of industrial components increase the risk of malfunctions, manipulation via remote access, cyber-attacks, and technical errors in the ICS. The industrial network monitoring system Rhebo Industrial Protector monitors all communication within an industrial control system (ICS).
The system learns the communication pattern of normal operation within a very short time. Subsequently, the communication is continuously analyzed down to the level of the frame contents using deep-packet inspection driven anomaly detection. Any deviation from the regular communication pattern is reported in real-time as an anomaly. Analysis and reporting are entirely non-reactive and passive, preventing the overload or disturbance of the ICS processes.
The network monitoring detects and reports both processes relevant for cybersecurity and technical error states. Risk assessment, network maps, raw data storage, filters, and interface integration support the efficient analysis and mitigation of attacks and errors. Thus, operators and security experts can actively react to risks, prevent disruptions, and protect supply.
Problems that the product solves
- Inventory of network assets of the control system
- Identification of industrial network devices and their vulnerabilities in databases
- Unauthorized access to process control networks and their data
- Monitoring the status of devices of the control system network
- Changes in application programs of PLC, IF, instrumentation, HMI; reading them, changing FW
- Incorrect, incomplete packets, communication anomalies
- Deviations of industrial communications from normal behavior (baseline), the appearance of protocols uncharacteristic for control systems
- Identifying threats from a signature database
- The emergence of new network assets uncharacteristic for process control systems
Rhebo Industrial Protector continuously analyzes the communication in the ICS and evaluates it for anomalies. Both security-relevant incidents and technical error conditions are reliably recorded, evaluated and reported in real-time - no matter if they were previously known or yet unidentified.
Benefits of Rhebo Industrial Protector:
Continuous visualization of all devices, connections and communication flows in the industrial control system, as well as the properties corresponding to them.
Reports of anomalies
Reporting of all security-related and technical anomalies in real-time, with the difference in the first incident and recurrent events.
Immediate risk assessment through the specifications of each anomaly as a security incident or incident of network quality.
Detailed forensic analysis and evaluation of patches by storing all incident details, including a copy of the raw data in the form of PCAP.
Easy integration of network visibility options into existing server systems through universal interfaces and automated transfer rules.